Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12541 | 2 Eclipse, Redhat | 3 Vert.x, Jboss Fuse, Openshift Application Runtimes | 2024-11-21 | 6.5 Medium |
| In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. | ||||
| CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | ||||
| CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | ||||
| CVE-2017-20016 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2024-40680 | 1 Ibm | 2 Mq Appliance, Mq Operator | 2024-10-31 | 5.5 Medium |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | ||||
| CVE-2024-20260 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-10-25 | 8.6 High |
| A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly. | ||||
| CVE-2024-35152 | 1 Ibm | 1 Db2 | 2024-08-23 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639. | ||||
| CVE-2024-37529 | 1 Ibm | 1 Db2 | 2024-08-23 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. | ||||